Lighttpd 1.4.80 HTTP Request/Response Smuggling Vulnerability

Lighttpd is prone to an HTTP request/response smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

CVE-2025-12642 HTTP Header Smuggling via Trailer Merge

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

OPENSUSE-SU-2025:15448-1 lighttpd-1.4.80-1.1 on GA media

These are all security issues fixed in the lighttpd-1.4.80-1.1 package on the GA media of openSUSE Tumbleweed...